Canada was the only G8 country without specific anti-spam legislation until the December 2010 adoption of Bill C-28 (commonly referred to as Canada’s Anti-Spam Legislation or CASL). CASL introduced new stringent anti-spam measures that, when they come into force, will have a significant impact on the electronic communication practices of companies operating in the Canadian marketplace.
Designed as one of the most stringent anti-spam regimes in the world, the legislation imposes significant restrictions on the use of commercial electronic messages which include not only email, but also text messages, instant messages and other messages sent from similar accounts (likely including some forms of social media messaging). Further, CASL has extremely broad reach, as the provisions regarding electronic messages apply if a computer system located in Canada is used to send or access the electronic message.
Draft regulations for CASL were published by the regulators, the Canadian Radio-television Telecommunications Commission (CRTC) and Industry Canada (IC) in the summer of 2011, and were subject to significant feedback from industry. The CRTC regulations to CASL were finalized in March 2012, but the remaining IC regulations are expected to be published in October and will be subject to a further comment period. There is currently some uncertainty as to when CASL will come into force, but it is expected to occur in 2013.
Commercial electronic messages and consent requirements
The provisions of CASL that will be most significant to a majority of businesses are those which limit and regulate commercial electronic messages (CEMs). A CEM is an electronic message that has as its purpose, or one of its purposes, encouraging participation in a commercial activity, even if there is no expectation of profit. Electronic messages include messages sent by any means of telecommunication, including text, email, audio, voice or image messages (although most voice communications will initially be excluded from the purview of CASL and will instead continue to be addressed under the current “do not call” legislation).
CASL prohibits the sending of CEMs to an electronic address unless:
- The recipient has given prior consent
- The message meets certain form and content requirements
In contrast to the “opt-out” regime under the U.S. CAN-SPAM Act, where the sender can send the message without prior consent subject to the recipient being able to “opt-out,” CASL requires active “opt-in” consent from the recipient prior to sending the CEM. Further, an electronic message requesting consent to receive further CEMs is itself a CEM and, therefore, cannot be sent without the consent of the recipient.
The opt-in consent must be express and the request for consent must meet further form and content requirements, unless one of the limited exceptions can be met. For example, consent can be implied where there is an existing business relationship (such as where a consumer has made a purchase from the sender within the past two years) or an existing non-business relationship (such as membership in a club or volunteer work) between the sender and the recipient. Consent can also be implied where the recipient has conspicuously published his or her address and has not indicated that he or she does not wish to receive unsolicited CEMs, or where the recipient has disclosed his or her address to the sender and has not indicated that he or she does not wish to receive unsolicited CEMs, provided that the CEM must be relevant to the person’s business role.
There are certain limited instances in which CEMs are exempt from the requirement for consent altogether, including instances in which a business sends the CEM in response to a request for a quote, to confirm or complete an existing transaction, or to provide safety, warranty, subscription or employment information. Such messages must still meet the form and content requirements.
The form and content requirements for CEMs include information that discloses the identity of and contact information for the sender as well as an “unsubscribe” mechanism that must meet certain prescribed requirements.
Statutory penalties and private right of action
Penalties for non-compliance with the provisions of CASL are significant, including fines of up to $10 million for corporations. Officers, directors and agents may be personally liable if they acquiesced in a violation of the statutory requirements. In addition, CASL includes a private right of action, allowing individuals to commence civil actions, including class actions, in court against anyone who violates CASL.
In light of the restrictive regime the CASL establishes and the significant penalties that are available, businesses that engage in commercial practices that involve electronic messages being sent or received in Canada should review their CEM practices and keep the progress of this legislation on their radar.